Creating a Technology Disaster Plan
•Descargar como PPTX, PDF•
1 recomendación•376 vistas
These slides go with the webinar linked below, in it we go over the topics covered in the slides and answer a few questions from people attending the live session. http://lsntap.org/blogs/creating-technology-disaster-plan
Recomendados
Más contenido relacionado
La actualidad más candente
La actualidad más candente (20)
Similar a Creating a Technology Disaster Plan
Similar a Creating a Technology Disaster Plan (20)
Más de Legal Services National Technology Assistance Project (LSNTAP)
Más de Legal Services National Technology Assistance Project (LSNTAP) (20)
Último
Último (20)
Creating a Technology Disaster Plan
- 1. Creating a Technology Disaster Plan June 21, 2017
- 2. Joshua Peskay IDEALWARE EXPERT TRAINER Vice President of Technology Strategy, RoundTable Technology joshua@roundtabletechnology.com INTRODUCTIONS
- 4. Can be found on the course page! What We’ll Cover What Could Happen? Four Scenarios Your First Response Review Your Systems Get Back Online Other Planning Considerations TABLE OF CONTENTS
- 6. Poll Have you ever worked at an organization that suffered significant data loss or destruction to the office? A. Yes B. No C. Not sure WHAT COULD HAPPEN?
- 7. There Are So Many Potential Disasters Which are most likely to affect you? Do have a plan to deal with those disasters if/when they occur? WHAT COULD HAPPEN?
- 8. Flood Look around the office. What would happen if you were standing in water? Do you have computers or servers on the ground? WHAT COULD HAPPEN?
- 9. Earthquake The power’s out. The building is structurally compromised. What do you do? WHAT COULD HAPPEN?
- 10. Tornado How likely is it that your documents, hardware, or equipment will be picked up and carried away? WHAT COULD HAPPEN?
- 11. Fire What would happen if your office went up in flames? WHAT COULD HAPPEN?
- 12. Hacking If a thief or vandal broke into your systems, how would you recover? WHAT COULD HAPPEN?
- 13. Ransomware You’re locked out of your data. What will you do? WHAT COULD HAPPEN?
- 14. Poll What kinds of disasters are you most worried about? A. Flood B. Earthquake C. Tornado D. Fire E. Hacking/Ransomware F. Staff errors G. Other WHAT COULD HAPPEN?
- 15. Four Scenarios 2
- 16. 1. Your Tech Is Gone Imagine every piece of technology is your office is taken and replaced with brand new equipment. FOUR SCENARIOS
- 17. 2. The Power Is Out Imagine that the power is out for two full weeks. How will that affect your ability to get work done? FOUR SCENARIOS
- 18. 3. A Senior Staff Member Disappears Image that your Executive Director or IT Director were to disappear suddenly. Would you have access to work files, financials, accounts, or other organizational resources? FOUR SCENARIOS
- 19. 4. There’s a Breach Imagine that donor credit card information, social security numbers, or sensitive case information are stolen. How will you respond? FOUR SCENARIOS
- 21. Is Everyone Safe? Check in with staff, volunteers, and anyone else who might be in your office during or just after a disaster. YOUR FIRST RESPONSE
- 22. Declare the Incident • Announce what happened. • Alert the team. • Initiate the plan. YOUR FIRST RESPONSE
- 23. How Will You Communicate? Know how to reach people in the event of an emergency. YOUR FIRST RESPONSE
- 24. Define Roles Assigning roles to key staff members will speed up the recovery and cut down on chaos and confusion. Just make sure you have a secondary person to step in if the primary person is not available to carry out their role. Credit: Women of Color in Tech Chat YOUR FIRST RESPONSE
- 25. Typical Roles Executive Director: Manages the recovery and is the broad decision maker. IT Director: Directs and executes the recovery of data, computers, infrastructure hardware, networks, software, and any other technology. Operations Director: Manages the recovery of the building and facilities. HR Director: Manages staff and informs them of the recovery progress. Program Directors: Provide input into the data and services related to programs. Communications Director: Communicates with supporters, donors, and the media. YOUR FIRST RESPONSE
- 26. Keep a Directory Create a handy directory that includes multiple ways to contact each person. Don’t forget non-staff contacts such as the building manager or facilities staff, IT consultants, security system company, insurance company, internet service provider, and others. YOUR FIRST RESPONSE
- 27. Establish a Meeting Place If your office is damaged, people will need somewhere to go where you all can talk and regroup. YOUR FIRST RESPONSE
- 28. Also Have a Plan B Your meeting place might be right in the middle of the disaster. YOUR FIRST RESPONSE
- 29. What Else Do People Need? Food? Shelter? Transportation? Think about what your organization will provide to make it easier for your staff members to get through the disaster. YOUR FIRST RESPONSE
- 30. Poll How confident are you that you’ll be able to reach everyone associated with your nonprofit that you need to contact in an emergency? A. Very confident B. Somewhat confident C. Not very confident D. Extremely unconfident YOUR FIRST RESPONSE
- 32. What Is the Acceptable Level of Risk? The question is bigger than IT. You’re making decisions about the long- term wellbeing of your organization. REVIEW YOUR SYSTEMS
- 33. Example: Community Theatre Your systems are minimal and your data isn’t very sensitive. REVIEW YOUR SYSTEMS
- 34. Example: Domestic Violence Shelter Victims could be facing a life-or-death situation. REVIEW YOUR SYSTEMS
- 35. Poll How important is it that your organization continuously provides services during a disaster? 5 (Every minute counts.) 4 3 2 1 (We could close for a few days and everything would be fine.) REVIEW YOUR SYSTEMS
- 36. What Are Your Essential Functions? Rank the activities or functions of your organization by what’s most essential. The top ranked functions are what you’ll restore first. REVIEW YOUR SYSTEMS
- 37. Inventory Equipment, Systems, and Hardware What are all of the tools you use to keep your organization running? REVIEW YOUR SYSTEMS
- 38. Match Equipment to Essential Functions This will help you prioritize what to fix, replace, or get back online first. REVIEW YOUR SYSTEMS
- 39. Think About Processes If you don’t have all of your tools, can you still get the job done? How might your process need to change to accomplish this? Document these alternative processes. REVIEW YOUR SYSTEMS
- 40. Duplication? If there’s something you can’t live without, you may need to duplicate it elsewhere to ensure that it’s immediately available. REVIEW YOUR SYSTEMS
- 41. How Will You Contain an Infection? If your systems suffer a malware attack you’ll need to: • Disconnect compromised systems. • Collect important data. • Gather external intelligence. • Safeguard all systems and media. • Collect Logs. Source: Cybersecurity Ninja Series from RoundTable Technology REVIEW YOUR SYSTEMS
- 42. What About Paper? Make sure you have digital copies of paper files. Also, don’t overlook the value of having paper copies of essential files. In cases where the digital files are inaccessible, paper might save you. REVIEW YOUR SYSTEMS
- 43. Into the Chat What’s the first process or technology you’ll need to recover? REVIEW YOUR SYSTEMS
- 44. Case Study: Her Justice REVIEW YOUR SYSTEMS
- 45. Sandy Was on the Way Mary O’Shaughnessy, Executive Director, quickly made a plan a couple of days before the storm struck. REVIEW YOUR SYSTEMS
- 46. Powered Down In anticipation of losing power, she shut down all electrical devices in the office, including servers, computers, and copiers. REVIEW YOUR SYSTEMS
- 47. Closed for the Week As Manhattan flooded, O’Shaughnessy decided to close the office for a week. REVIEW YOUR SYSTEMS
- 48. Fast Recovery Once the water had receded and the power was back on, all Her Justice had to do was turn its servers and computers back on and it could get back to work. REVIEW YOUR SYSTEMS
- 49. The Incident Prompted Planning Her Justice took another look at its infrastructure and processes and decided that the Cloud was a better choice. REVIEW YOUR SYSTEMS
- 51. Replacing Hardware If your hardware was damaged in the disaster, how will you replace it? Keep a list of approved vendors and approximate pricing so that it’s easy to replace the hardware quickly. GETTING BACK ONLINE
- 52. Where Is Your Data? Did you lose data or suffer damage to your servers? Inventory what data is still intact and accessible and what isn’t. GETTING BACK ONLINE
- 53. Are You Confident in Your Backups? Are you sure your data is being backed up properly? How confident are you that you’ll be able to restore a backup quickly and thoroughly? It’s wise to practice restoring a backup once each month. GETTING BACK ONLINE
- 54. Poll How confident are you that your nonprofit could restore a backup within a few hours? A. Very confident B. Somewhat confident C. Not very confident D. Extremely unconfident GETTING BACK ONLINE
- 56. Workday vs. Weekend How will your response need to be different if people are in the office versus at home? OTHER PLANNING CONSIDERATIONS
- 57. Training and Practice Until you walk through it, there are a lot of small details that can be easy to overlook. OTHER PLANNING CONSIDERATIONS
- 58. Are You Insured? Look through your policies and find out what they cover and what they don’t. OTHER PLANNING CONSIDERATIONS
- 59. Put Your Plan on Paper If it’s in your head, it will do no one any good if you’re unavailable. Also, chances are you’ve overlooked something. OTHER PLANNING CONSIDERATIONS
- 60. Safely Store Your Plan Keep your plan in multiple secure locations. In the Cloud, on a thumb drive, and on paper are all good options. OTHER PLANNING CONSIDERATIONS
- 61. In Review 1. Imagine the worst—what kind of disaster could strike your organization? 2. Be ready to respond quickly—how will you make sure staff are safe and rally everyone? 3. Review your systems—review and prioritize your activities and the systems that support them. 4. Consider the processes and procedures for getting back online. 5. Don’t forget the small details! 6. Write out your plan—put everything you’ve thought about today into a written plan that guides your organization through the recovery process. OTHER PLANNING CONSIDERATIONS
- 62. Safety Matters For more information on how to help your staff members stay safe in an emergency, visit: • www.ready.gov/workpla ce-plans • www.redcross.org/get- help/prepare-for- emergencies/workplac es-and-organizations OTHER PLANNING CONSIDERATIONS
- 63. THANK YOU FOR JOINING US! Questions? Don’t forget to fill out our survey: [Link]
Notas del editor
- So what does this all mean? How do you get started?
- Water creates a whole bunch of problems. Anything electrical will be damaged, but you’ll also likely be out of the office for a while even after the water recedes because the carpets will need to be taken out and everything will need to be dried thoroughly to prevent mold.
- There’s a chance you have to give up on your building. Do you have a way of working outside your building? Is your database or other software in the cloud and can people temportarily work from home or at another site?
- Remember, things will not only burn, but water damage is likely to occur from sprinklers and other measures intended to put the fire out.
- What protocol do you have in place to jump into action to contain the infection and clean it up before something worse happens? Will someone on staff even know what to do?
- These four scenarios cover most disasters—natural or otherwise.
- In this scenario, what information will have been lost forever? How long would it take your organization to access the data that is backed up? Consider not just files, but databases and applications such as accounting software, fundraising, membership, email and all the things your organization needs to function.
- In this scenario, what information is accessible to your staff during those two weeks? Again, consider not just files, but databases and applications such as accounting software, fundraising, membership, email and all the things your organization needs to function.
- Don’t worry, they are OK. Blissful. But gone. You have no idea where they went and you can’t talk to them about anything. Ever. What information did they have about your organization that no one else has? What organizational functions will struggle the most without them?
- Donor’s credit card information. Client’s SSNs. How will you handle this? Who will communicate with constituents? Who will manage the response?
- VoiP? Other issues…. If power goes out
- Typically the ED is the leader/chair Also include program leadership, IT, HR, operations, and communications. Your plan should spell out what each one does and when in the course of the incident.
- Also note that people should be assigned to contact others so that no one gets overlooked. Some sort of phone tree method might work.
- Also, have a plan B. Example of Her Justice
- A community theatre might not do a ton of prevention or take extraordinary steps to recover after a disaster—especially if credit card information is not stored on site.
- Whereas a domestic violence shelter needs to protect victims’ identity so that abusers can’t find them. And if the facility is unlivable, they still need a place to sleep that’s secure—you don’t want to have to make someone sleep on the street. In this case, having redundancies/or backup plans to ensure that information is secure and that shelter guests have a place to go is extraordinarily important and all has to be detailed in the plan.
- The most extreme example is a facility that everyone can move to right away. More likely is a server environment in the Cloud or stored at another location.
- With power out there was no email, so not much else they could do. Only could check voicemail because they had VOIP lines. Contrast this with a food pantry or health care organization that would have to find a way to stay operating.
- Double check your insurance coverage to make sure your hardware is covered in a disaster
- Talk about how restoring backups can sometimes be tricky and reinforce the point that just because you’re using Cloud storage doesn’t mean that your backing up everything properly. For example, if you’re using a sync and a file gets corrupted or infected, then every synced version will also be affected.
- For example: Where is the key to the server closet? Who can access the building after hours?